[UPHPU] receiving with $_REQUEST
Wade Preston Shearer
lists at wadeshearer.com
Thu Feb 28 16:56:36 MST 2008
> You defeat the purpose of CSRF by going outside the domain to use the
> script. CSRF attacks go after already applied authentication by
> using it against the user (using their security auth to do something
> malicious).
I wasn't referring to CSRF. I was showing how the shopping cart/MySpace
example wasn't a valid reason against using REQUEST, as the hacker can
fake-post to the shopping cart just as easily as he can fake-get to the
shopping cart, both without user interaction.